[Secure-testing-commits] r5131 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sat Dec 16 01:29:35 CET 2006
Author: jmm-guest
Date: 2006-12-16 01:29:33 +0100 (Sat, 16 Dec 2006)
New Revision: 5131
Modified:
data/CVE/list
Log:
b2evolution not-affected
older linux-2.6 issue already fixed
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-16 00:09:40 UTC (rev 5130)
+++ data/CVE/list 2006-12-16 00:29:33 UTC (rev 5131)
@@ -680,13 +680,13 @@
CVE-2006-6240 (Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 ...)
NOT-FOR-US: Sorin Chitu Telnet-FTP Server
CVE-2006-6239 (webadmin in MailEnable NetWebAdmin Profession 2.32 and Enterprise 2.32 ...)
- TODO: MailEnable NetWebAdmin
+ NOT-FOR-US: MailEnable NetWebAdmin
CVE-2006-6238 (The AutoFill feature in Apple Safari 2.0.4 does not properly verify ...)
NOT-FOR-US: Apple Safari
CVE-2006-6237 (SQL injection vulnerability in the decode_cookie function in ...)
NOT-FOR-US: Woltlab Burning Board Lite
CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...)
- TODO: check
+ NOT-FOR-US: Acrobat Reader
CVE-2006-6235 (A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...)
{DSA-1231-1}
- gnupg 1.4.6-1 (high; bug #401894; bug #401898; bug #401914)
@@ -716,7 +716,7 @@
CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search Appliance ...)
NOT-FOR-US: Google Search Appliance
CVE-2006-6222 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
- TODO: check
+ NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote ...)
NOT-FOR-US: 2X ThinClientServer Enterprise Edition
CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...)
@@ -766,7 +766,7 @@
CVE-2006-6198 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...)
NOT-FOR-US: cPanel
CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in b2evolution ...)
- TODO: check b2evolution
+ - b2evolution <not-affected> (0.9 releases not vulnerable)
CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery ...)
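Review bot: the not-affected reason on the CVE-2006-6197 line, "(0.9 releases not vulnerable)", does not say why 0.9 is unaffected or where that was checked. Suggest a NOTE line naming the first affected upstream release or the source of the assessment, so the entry gets re-evaluated if a newer b2evolution is packaged.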
@@ -1578,7 +1578,7 @@
CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...)
- linux-2.6 <unfixed>
CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
- TODO: check
+ NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...)
NOT-FOR-US: Citrix
CVE-2006-5820
@@ -1890,7 +1890,7 @@
CVE-2006-5681
RESERVED
CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...)
- TODO: check libarchive
+ TODO: check libarchive, pinged maintainer
CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...)
- kfreebsd-5 <unfixed>
[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
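Review bot: "pinged maintainer" in the CVE-2006-5680 TODO carries no date or bug number, so nobody else can tell how stale the ping is or where the reply will land. Suggest keeping "TODO: check libarchive" as it was and adding a separate NOTE line with the date, or a bug reference once one exists.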
@@ -1953,7 +1953,7 @@
CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ ...)
NOT-FOR-US: ICQPhone.SipxPhoneManager
CVE-2006-5649 (Unspecified vulnerability in the "alignment check exception handling" ...)
- TODO: check
+ - linux-2.6 2.6.18-4
CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a ...)
TODO: check
CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...)
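Review bot: the new CVE-2006-5649 line "- linux-2.6 2.6.18-4" has no urgency and no pointer to how the fixed version was determined; the log only says "older linux-2.6 issue already fixed". Other entries in this file put the urgency in parentheses after the version, as on the gnupg line under CVE-2006-6235. Suggest adding the urgency and a NOTE naming the upstream fix or changelog entry that was checked.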
@@ -2659,10 +2659,9 @@
CVE-2006-5331
RESERVED
CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 for ...)
- - flashplugin-nonfree <unfixed> (medium)
+ - flashplugin-nonfree <unfixed> (bug #402822; medium)
[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package)
[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package)
- TODO: file bug, fixed in 9.0.28.0
CVE-2006-5329
RESERVED
CVE-2006-5328 (OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and ...)
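Review bot: dropping "TODO: file bug, fixed in 9.0.28.0" under CVE-2006-5330 also drops the only record of the upstream fixed version, while the package line stays at unfixed. Bug #402822 covers the "file bug" half; suggest keeping the other half as a NOTE line, for example "NOTE: fixed upstream in 9.0.28.0".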
@@ -3247,7 +3246,6 @@
NOT-FOR-US: Web-News
CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...)
TODO: check
- NOTE: This may be a dupe of CVE-2006-4925
CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...)
{DSA-1212 DSA-1189-1}
- openssh 1:4.3p2-4 (unimportant)
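Review bot: the removal of "NOTE: This may be a dupe of CVE-2006-4925" under CVE-2006-5052 is not mentioned in the commit log, and the entry still reads "TODO: check". If the duplicate was ruled out, record that in the log or in a replacement NOTE; if not, the hint is still useful to whoever picks up the TODO and should stay.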
@@ -3574,7 +3572,7 @@
CVE-2006-4903
RESERVED
CVE-2006-4902 (The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 ...)
- TODO: check
+ NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-4901 (Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up ...)
NOT-FOR-US: CA eTrust
CVE-2006-4900 (Directory traversal vulnerability in Computer Associates (CA) eTrust ...)